Browsed by Month: September 2015

A password is a string of characters or words, known by a person, kept secret, that authenticates that person as being someone authorized to gain access to something. The idea of passwords is an ancient one: think of sentries for thousands of years yelling, “Halt, who goes there? Give the password!” The first computer password scheme (probably) was implemented on CTSS by MIT around 1961.

Authentication is based on one or more factors from the list: “Something you know”, “Something you have”, “Who/what you are”. Think of a typical password, an authentication device like an RSA token or gridcard, and a fingerprint or retina scan.

I have ranted previously that the third factor is a problem, in part because if the digital representation gets stolen, that’s it. Game over. You can change a password. You can re-seed a token, or print off a new gridcard. But changing your fingerprints is not readily accessible to most people.

Password storage ranges from bad to not-so-bad. Users will memorize them, write them down with paper & pencil, keep them in a spreadsheet, etc. If you can memorize good passwords, you’re ahead of the game. Some people use an encrypted vault like KeePass or LastPass, but there is a definite sacrifice of convenience in these. Ah, well, everything’s a trade-off.

I will be giving a talk about passwords at the Rochester Security Summit next Tuesday (Oct. 6, 2015) at 10:30 AM. If you are not already registered for this event, why the heck not?

The post was pretty detailed about everything that he did, including how many hours he waited. But the important take-away from his report is that he was not charged for anything by the service center. Does this mean that indirectly, Samsung is actually admitting that there really is a problem, since there were no extra charges to get it repaired? Or did the Samsung center guys just take pity on him (user name RobVanDam)?

I still say it’s a design flaw and I say now Samsung appears to agree, at least tacitly.